The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the virtual machine. "A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host," the company  said . Also patched by VMware is an out-of-bounds read vulnerability affecting the same feature (CVE-2023-20870, CVSS score: 7.1), that could be abused by a local adversary with admin privileges to read sensitive information contained in hypervisor memory from a virtual machine. Both vulnerabilities were  demonstrated  by researchers from STAR Labs on the third day of the Pwn2O...

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol ( SLP ) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it one of the largest amplification attacks ever reported," researchers Pedro Umbelino from Bitsight and Marco Lux from Curesec  said  in a report shared with The Hacker News. The vulnerability, which has been assigned the identifier CVE-2023-29552  (CVSS score: 8.6), is said to impact more than 2,000 global organizations and over 54,000 SLP instances that are accessible over the internet. This includes VMWare ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types. The top 10 countries with the mo...

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess . Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle  Educated Manticore , which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. "Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains," the Israeli company  said  in a technical report published today. Active since at least 2011, APT35 has cast a  wide net of targets  by leveraging  fake social media personas ,  spear-phishing techniques , and  N-day vulnerabilities in internet-exposed applications  to gain initial access and drop vario...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of attackers' opportunities. Vulnerabilities only represent a small part of the attack surface that attackers can leverage. Initially, organizations used manual methods to address known security weaknesses, but as technology and cyber threats evolved, a more automated and comprehensive approach became necessary. However, legacy vulnerability management tools were designed primarily for compliance and modern tools still face challenges in prioritization and limited resources, especially in dynamic and agile cloud environments. Modern vulnerability management integrates security tools such as scanne...

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called  RustBucket . "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley  said  in a technical report published last week.  The Apple device management company attributed it to a threat actor known as BlueNoroff, a subgroup within the infamous Lazarus cluster that's also tracked under the monikers APT38, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444. The connections stem from tactical and infrastructure overlaps with a  prior campaign  exposed by Russian cybersecurity company Kaspersky in late December 2022 likely aimed at Japanese financial entities using fake domains impersonating venture capital firms. BlueNoroff, unlike other constituent entities of the Lazarus Group, is known for its  sophisticated ...

Google's cloud division is following in the  footsteps of Microsoft  with the launch of  Security AI Workbench  that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model ( LLM ) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment point-in-time incident analysis, threat detection, and analytics to counter and prevent new infections by delivering intelligence that's  trusted, relevant, and actionable . To that end, the Security AI Workbench spans a wide range of new AI-powered tools, including  VirusTotal Code Insight  and  Mandiant Breach Analytics for Chronicle , to analyze potentially malicious scripts and alert customers of active breaches in their environments. Users, like with Microsoft's GPT-4-based  Security Copilot , can "conversationally search, analyz...

Search giant Google on Monday unveiled a major update to its  12-year-old  Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords ( TOTPs ) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," Google's Christiaan Brand  said . The update, which also brings a new icon to the two-factor authenticator (2FA) app, finally brings it in line with Apple's  iCloud Keychain  and addresses a long-standing complaint that it's tied to the device on which it's installed, making it a hassle when switching between phones. Even worse, as Google puts it, users who lose access to their devices completely "lost their ability to sign in to any service on which they'd set up 2FA using Authenticator." The cloud sync feature is optional, meaning users can opt to u...

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski  said  in an analysis published today. "The threat actor targets government and diplomatic entities in the CIS." The Russian cybersecurity firm's latest assessment is based on three new attack campaigns mounted by the hacking crew between 2021 and 2023. Tomiris first came to light in September 2021 when Kaspersky  highlighted  its potential connections to  Nobelium  (aka APT29, Cozy Bear, or Midnight Blizzard), the Russian nation-state group behind the SolarWinds supply chain attack. Similarities have also been unearthed between the backdoor and another malware strain dubbed  Kazuar , which is attributed to the Turla group (aka Krypton,...

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver ( BYOVD ) attack. "The AuKill tool abuses an outdated version of the  driver  used by version 16.32 of the Microsoft utility,  Process Explorer , to disable EDR processes before deploying either a backdoor or ransomware on the target system," Sophos researcher Andreas Klopsch  said  in a report published last week. Incidents analyzed by the cybersecurity firm show the use of AuKill since the start of 2023 to deploy various ransomware strains such as Medusa Locker and LockBit. Six different versions of the malware have been identified to date. The oldest AuKill sample features a November 2022 compilation timestamp. The  BYOVD technique  relies on threat actors misusing a legitimate, but out-of-date and exploitable, driver signed by Microsof...